Chapter 12: OSPF Configuration and Troubleshooting
Learning Objectives
By the end of this chapter, you will be able to:
- Understand OSPF fundamentals and operation
- Configure single-area and multi-area OSPF
- Implement OSPF authentication and security
- Troubleshoot OSPF routing issues
- Optimize OSPF performance and convergence
OSPF Fundamentals
What is OSPF?
Open Shortest Path First (OSPF) is a link-state routing protocol that uses the Shortest Path First (SPF) algorithm to calculate the best paths through a network. OSPF is an Interior Gateway Protocol (IGP) designed for use within an autonomous system.
Key OSPF Characteristics
- Link-State Protocol: Maintains complete network topology
- Classless: Supports VLSM and CIDR
- Fast Convergence: Rapid response to network changes
- Scalable: Hierarchical design with areas
- Standards-Based: Open standard (RFC 2328)
- Load Balancing: Equal-cost multipath support
OSPF Operation Overview
OSPF Process
- Neighbor Discovery: Find adjacent routers
- Database Synchronization: Exchange link-state information
- SPF Calculation: Calculate shortest paths
- Routing Table Update: Install best routes
OSPF Packet Types
| Type | Name | Purpose |
|---|---|---|
| 1 | Hello | Neighbor discovery and maintenance |
| 2 | Database Description (DBD) | Database synchronization |
| 3 | Link State Request (LSR) | Request specific LSAs |
| 4 | Link State Update (LSU) | Send LSAs |
| 5 | Link State Acknowledgment (LSAck) | Acknowledge LSAs |
OSPF Areas
OSPF uses areas to create a hierarchical network design that improves scalability and reduces routing overhead.
Area Types
- Backbone Area (Area 0): Central area, all other areas must connect
- Standard Area: Normal area with full LSA database
- Stub Area: Blocks external LSAs, uses default route
- Totally Stubby Area: Blocks external and summary LSAs
- Not-So-Stubby Area (NSSA): Allows limited external routes
Single-Area OSPF Configuration
Basic OSPF Lab
# Single-area OSPF topology
name: ospf-single-area
prefix: ospf
topology:
  nodes:
    r1:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.10
      startup-config: |
        hostname R1
        !
        interface Loopback0
         ip address 1.1.1.1 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-R2
         ip address 10.1.12.1 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-R3
         ip address 10.1.13.1 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/2
         description LAN
         ip address 192.168.1.1 255.255.255.0
         no shutdown
        !
        router ospf 1
         router-id 1.1.1.1
         network 1.1.1.1 0.0.0.0 area 0
         network 10.1.12.0 0.0.0.3 area 0
         network 10.1.13.0 0.0.0.3 area 0
         network 192.168.1.0 0.0.0.255 area 0
        !
    r2:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.11
      startup-config: |
        hostname R2
        !
        interface Loopback0
         ip address 2.2.2.2 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-R1
         ip address 10.1.12.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-R3
         ip address 10.1.23.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/2
         description LAN
         ip address 192.168.2.1 255.255.255.0
         no shutdown
        !
        router ospf 1
         router-id 2.2.2.2
         network 2.2.2.2 0.0.0.0 area 0
         network 10.1.12.0 0.0.0.3 area 0
         network 10.1.23.0 0.0.0.3 area 0
         network 192.168.2.0 0.0.0.255 area 0
        !
    r3:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.12
      startup-config: |
        hostname R3
        !
        interface Loopback0
         ip address 3.3.3.3 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-R1
         ip address 10.1.13.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-R2
         ip address 10.1.23.1 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/2
         description LAN
         ip address 192.168.3.1 255.255.255.0
         no shutdown
        !
        router ospf 1
         router-id 3.3.3.3
         network 3.3.3.3 0.0.0.0 area 0
         network 10.1.13.0 0.0.0.3 area 0
         network 10.1.23.0 0.0.0.3 area 0
         network 192.168.3.0 0.0.0.255 area 0
        !
    # End devices for testing
    pc1:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.1.10/24 dev eth1
        - ip route add default via 192.168.1.1
    pc2:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.2.10/24 dev eth1
        - ip route add default via 192.168.2.1
    pc3:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.3.10/24 dev eth1
        - ip route add default via 192.168.3.1
  links:
    # Router interconnections
    - endpoints: ["r1:eth1", "r2:eth1"]
    - endpoints: ["r1:eth2", "r3:eth1"]
    - endpoints: ["r2:eth2", "r3:eth2"]
    # LAN connections
    - endpoints: ["r1:eth3", "pc1:eth1"]
    - endpoints: ["r2:eth3", "pc2:eth1"]
    - endpoints: ["r3:eth3", "pc3:eth1"]
Basic OSPF Configuration Commands
Enabling OSPF
# Enable OSPF process
router ospf <process-id>
router-id <router-id>
network <network> <wildcard-mask> area <area-id>
# Example
router ospf 1
router-id 1.1.1.1
network 10.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
Interface-Specific Configuration
# Configure OSPF on specific interface
interface GigabitEthernet0/0/0
ip ospf 1 area 0
ip ospf cost 100
ip ospf hello-interval 10
ip ospf dead-interval 40
OSPF Verification Commands
# Deploy and test the lab
containerlab deploy -t ospf-single-area.yml
# Connect to R1 and verify OSPF
docker exec -it clab-ospf-r1 cli
# Check OSPF neighbors
show ip ospf neighbor
# View OSPF database
show ip ospf database
# Check OSPF interfaces
show ip ospf interface
# Verify routing table
show ip route ospf
# Test connectivity
ping 2.2.2.2
ping 3.3.3.3
traceroute 192.168.3.10
OSPF Neighbor Relationships
Neighbor States
OSPF routers go through several states when forming neighbor relationships:
- Down: No Hello packets received
- Init: Hello packet received
- 2-Way: Bidirectional communication established
- ExStart: Master/slave relationship established
- Exchange: Database description packets exchanged
- Loading: Link state requests sent
- Full: Databases synchronized
Hello Protocol
OSPF uses Hello packets for neighbor discovery and maintenance.
Hello Packet Contents
- Router ID
- Area ID
- Network mask
- Hello interval
- Dead interval
- Designated Router (DR)
- Backup Designated Router (BDR)
- Neighbor list
Hello Timers
# Default timers
# Broadcast/Point-to-Point: Hello 10s, Dead 40s
# NBMA: Hello 30s, Dead 120s
# Modify timers
interface GigabitEthernet0/0/0
ip ospf hello-interval 5
ip ospf dead-interval 20
Designated Router (DR) Election
On multi-access networks, OSPF elects a DR and BDR to reduce LSA flooding.
DR Election Process
- Priority: Highest OSPF priority wins (0-255)
- Router ID: Highest Router ID if priority ties
- Preemption: No preemption (first elected stays)
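The three rules above, run as a small simulation. This is an added example, not code from the original chapter. It is a simplified model that assumes each router finishes its election wait before the next one joins, and the `Router` and `Segment` names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Router:
    router_id: str
    priority: int = 1          # default interface priority

def rank(r):
    """Priority first, then Router ID compared as a dotted quad."""
    return (r.priority, tuple(int(o) for o in r.router_id.split(".")))

def best(candidates):
    eligible = [r for r in candidates if r.priority > 0]   # priority 0 is never elected
    return max(eligible, key=rank, default=None)

class Segment:
    """One multi-access segment with sticky DR/BDR roles (no preemption)."""
    def __init__(self):
        self.routers, self.dr, self.bdr = [], None, None

    def _fill_roles(self):
        if self.dr is None:    # promote the BDR if there is one, otherwise elect
            self.dr, self.bdr = (self.bdr, None) if self.bdr else (best(self.routers), None)
        if self.bdr is None:
            self.bdr = best([r for r in self.routers if r != self.dr])

    def join(self, router):
        self.routers.append(router)
        self._fill_roles()     # roles already held are never displaced

    def fail(self, router):
        self.routers.remove(router)
        if self.dr == router:
            self.dr = None
        if self.bdr == router:
            self.bdr = None
        self._fill_roles()

def demo():
    """Constructed scenario: R3 (priority 100) arrives after R1 and R2 have settled."""
    seg, history = Segment(), []
    r1, r2, r3 = Router("1.1.1.1"), Router("2.2.2.2"), Router("3.3.3.3", priority=100)
    for event, router in (("join", r1), ("join", r2), ("join", r3), ("fail", r1)):
        getattr(seg, event)(router)
        history.append((seg.dr.router_id, seg.bdr.router_id if seg.bdr else None))
    return history
```

In `demo()`, R3 stays a non-DR router when it joins and only becomes BDR after R1 fails, because the existing BDR (R2) is promoted first.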
# Configure OSPF priority
interface GigabitEthernet0/0/0
ip ospf priority 100
# Disable DR election (point-to-point)
interface GigabitEthernet0/0/0
ip ospf network point-to-point
Multi-Area OSPF
Multi-Area OSPF Benefits
- Reduced SPF calculations: Changes in one area don’t affect others
- Smaller routing tables: Route summarization at area borders
- Faster convergence: Localized flooding
- Better scalability: Hierarchical design
Multi-Area OSPF Lab
# Multi-area OSPF topology
name: ospf-multi-area
prefix: ospf-ma
topology:
  nodes:
    # Area 0 (Backbone) routers
    r1:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.10
      startup-config: |
        hostname ABR-R1
        !
        interface Loopback0
         ip address 1.1.1.1 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description Backbone-to-R2
         ip address 10.0.12.1 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description Area1-to-R3
         ip address 10.1.13.1 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/2
         description Area1-LAN
         ip address 192.168.1.1 255.255.255.0
         no shutdown
        !
        router ospf 1
         router-id 1.1.1.1
         network 1.1.1.1 0.0.0.0 area 0
         network 10.0.12.0 0.0.0.3 area 0
         network 10.1.13.0 0.0.0.3 area 1
         network 192.168.1.0 0.0.0.255 area 1
         area 1 range 192.168.0.0 255.255.252.0
        !
    r2:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.11
      startup-config: |
        hostname ABR-R2
        !
        interface Loopback0
         ip address 2.2.2.2 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description Backbone-to-R1
         ip address 10.0.12.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description Area2-to-R4
         ip address 10.2.24.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/2
         description Area2-LAN
         ip address 192.168.4.1 255.255.255.0
         no shutdown
        !
        router ospf 1
         router-id 2.2.2.2
         network 2.2.2.2 0.0.0.0 area 0
         network 10.0.12.0 0.0.0.3 area 0
         network 10.2.24.0 0.0.0.3 area 2
         network 192.168.4.0 0.0.0.255 area 2
         area 2 range 192.168.4.0 255.255.252.0
        !
    # Area 1 router
    r3:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.12
      startup-config: |
        hostname Area1-R3
        !
        interface Loopback0
         ip address 3.3.3.3 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-ABR-R1
         ip address 10.1.13.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description Area1-LAN
         ip address 192.168.2.1 255.255.255.0
         no shutdown
        !
        router ospf 1
         router-id 3.3.3.3
         network 3.3.3.3 0.0.0.0 area 1
         network 10.1.13.0 0.0.0.3 area 1
         network 192.168.2.0 0.0.0.255 area 1
        !
    # Area 2 router
    r4:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.13
      startup-config: |
        hostname Area2-R4
        !
        interface Loopback0
         ip address 4.4.4.4 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-ABR-R2
         ip address 10.2.24.1 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description Area2-LAN
         ip address 192.168.5.1 255.255.255.0
         no shutdown
        !
        router ospf 1
         router-id 4.4.4.4
         network 4.4.4.4 0.0.0.0 area 2
         network 10.2.24.0 0.0.0.3 area 2
         network 192.168.5.0 0.0.0.255 area 2
        !
    # Test devices
    pc1:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.1.10/24 dev eth1
        - ip route add default via 192.168.1.1
    pc2:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.2.10/24 dev eth1
        - ip route add default via 192.168.2.1
    pc4:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.4.10/24 dev eth1
        - ip route add default via 192.168.4.1
    pc5:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.5.10/24 dev eth1
        - ip route add default via 192.168.5.1
  links:
    # Backbone area connections
    - endpoints: ["r1:eth1", "r2:eth1"]
    # Area border connections
    - endpoints: ["r1:eth2", "r3:eth1"]
    - endpoints: ["r2:eth2", "r4:eth1"]
    # LAN connections
    - endpoints: ["r1:eth3", "pc1:eth1"]
    - endpoints: ["r3:eth2", "pc2:eth1"]
    - endpoints: ["r2:eth3", "pc4:eth1"]
    - endpoints: ["r4:eth2", "pc5:eth1"]
Area Border Router (ABR) Configuration
ABRs connect different OSPF areas and perform route summarization.
# Configure area summarization
router ospf 1
area 1 range 192.168.0.0 255.255.252.0
area 2 range 192.168.4.0 255.255.252.0
# Verify ABR status
show ip ospf
show ip ospf border-routers
OSPF Authentication
Authentication Types
Plain Text Authentication
# Area-wide authentication
router ospf 1
area 0 authentication
# Interface authentication
interface GigabitEthernet0/0/0
ip ospf authentication-key cisco123
MD5 Authentication (Recommended)
# Area-wide MD5 authentication
router ospf 1
area 0 authentication message-digest
# Interface MD5 key
interface GigabitEthernet0/0/0
ip ospf message-digest-key 1 md5 SecureKey123
Authentication Lab Example
# OSPF with MD5 authentication
startup-config: |
router ospf 1
router-id 1.1.1.1
area 0 authentication message-digest
network 10.1.1.0 0.0.0.255 area 0
!
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
ip ospf message-digest-key 1 md5 MySecretKey
no shutdown
!
OSPF Route Types and LSAs
OSPF Route Types
| Code | Type | Description |
|---|---|---|
| O | Intra-area | Routes within the same area |
| O IA | Inter-area | Routes from other areas |
| O E1 | External Type 1 | External routes with internal cost |
| O E2 | External Type 2 | External routes with external cost only |
| O N1 | NSSA External Type 1 | NSSA external with internal cost |
| O N2 | NSSA External Type 2 | NSSA external with external cost |
Link State Advertisements (LSAs)
LSA Types
| Type | Name | Generated By | Purpose |
|---|---|---|---|
| 1 | Router LSA | All routers | Describe router’s links |
| 2 | Network LSA | DR | Describe multi-access network |
| 3 | Summary LSA | ABR | Advertise networks between areas |
| 4 | ASBR Summary LSA | ABR | Advertise ASBR location |
| 5 | External LSA | ASBR | Advertise external routes |
| 7 | NSSA External LSA | ASBR in NSSA | External routes in NSSA |
# View LSA database
show ip ospf database
show ip ospf database router
show ip ospf database network
show ip ospf database summary
show ip ospf database external
OSPF Metrics and Path Selection
OSPF Cost Calculation
OSPF uses cost as its metric, calculated as: Cost = Reference Bandwidth / Interface Bandwidth
Default reference bandwidth: 100 Mbps
# Modify reference bandwidth (value in Mbps; 10000 = 10 Gbps)
router ospf 1
auto-cost reference-bandwidth 10000
# Set interface cost manually
interface GigabitEthernet0/0/0
ip ospf cost 50
# View interface costs
show ip ospf interface
Load Balancing
OSPF supports equal-cost load balancing across multiple paths.
# Configure maximum paths (default is 4)
router ospf 1
maximum-paths 6
# Verify load balancing
show ip route 192.168.1.0
show ip cef 192.168.1.0
OSPF Troubleshooting
Common OSPF Issues
Neighbor Adjacency Problems
# Symptoms
- Neighbors not forming
- Stuck in ExStart/Exchange state
- Frequent neighbor flapping
# Diagnosis
show ip ospf neighbor
show ip ospf interface
debug ip ospf hello
debug ip ospf adj
# Common causes and solutions
# 1. Hello/Dead timer mismatch
interface GigabitEthernet0/0/0
ip ospf hello-interval 10
ip ospf dead-interval 40
# 2. Area mismatch
router ospf 1
network 10.1.1.0 0.0.0.255 area 0
# 3. Authentication mismatch
interface GigabitEthernet0/0/0
ip ospf message-digest-key 1 md5 CorrectKey
# 4. MTU mismatch
interface GigabitEthernet0/0/0
ip mtu 1500
ip ospf mtu-ignore
Routing Table Issues
# Missing routes
show ip ospf database
show ip route ospf
show ip ospf border-routers
# Suboptimal routing
show ip ospf interface | include Cost
show ip route 192.168.1.0 longer-prefixes
LSA Database Problems
# Database synchronization issues
show ip ospf database
show ip ospf statistics
clear ip ospf process
# LSA aging and refresh
show ip ospf database | include Age
show ip ospf database self-originate
Diagnostic Commands
Essential OSPF Show Commands
# Neighbor information
show ip ospf neighbor
show ip ospf neighbor detail
# Interface information
show ip ospf interface
show ip ospf interface brief
# Database information
show ip ospf database
show ip ospf database router
show ip ospf database summary
# Process information
show ip ospf
show ip protocols
show ip route ospf
Advanced Troubleshooting
# Debug commands (use carefully)
debug ip ospf hello
debug ip ospf adj
debug ip ospf spf
debug ip ospf lsa-generation
# Statistics and monitoring
show ip ospf statistics
show ip ospf flood-list
show ip ospf request-list
show ip ospf retransmission-list
OSPF Optimization
Convergence Optimization
SPF Throttling
# Configure SPF timers
router ospf 1
timers throttle spf 5 50 5000
# Initial delay: 5ms
# Minimum hold time: 50ms
# Maximum hold time: 5000ms
LSA Throttling
# Configure LSA generation throttling
router ospf 1
timers throttle lsa 5 50 5000
Hello Interval Tuning
# Faster convergence with shorter timers
interface GigabitEthernet0/0/0
ip ospf hello-interval 1
ip ospf dead-interval 3
Memory and CPU Optimization
Area Design
# Implement proper area hierarchy
# Keep areas small (< 50 routers)
# Use area summarization
router ospf 1
area 1 range 192.168.0.0 255.255.252.0
LSA Filtering
# Filter LSAs at area borders
router ospf 1
area 1 filter-list prefix AREA1-FILTER in
area 1 filter-list prefix AREA1-FILTER out
Advanced OSPF Features
Stub Areas
Stub Area Configuration
# Configure stub area
router ospf 1
area 1 stub
network 10.1.1.0 0.0.0.255 area 1
# Totally stubby area (Cisco proprietary)
router ospf 1
area 1 stub no-summary
NSSA Configuration
# Configure NSSA
router ospf 1
area 1 nssa
redistribute static subnets
# NSSA totally stubby
router ospf 1
area 1 nssa no-summary
Virtual Links
Virtual links connect areas to the backbone through a transit area.
# Configure virtual link
router ospf 1
area 1 virtual-link 2.2.2.2
# 2.2.2.2 is the router ID of the other end
Route Filtering and Manipulation
# Filter routes with distribute lists
router ospf 1
distribute-list 10 out
distribute-list prefix OSPF-FILTER in
# Modify route attributes
route-map OSPF-METRIC permit 10
set metric 100
set metric-type type-1
router ospf 1
redistribute static route-map OSPF-METRIC
OSPF Best Practices
Design Guidelines
- Hierarchical Design: Use proper area structure
- Area Size: Keep areas manageable (< 50 routers)
- Backbone Connectivity: All areas must connect to Area 0
- Route Summarization: Implement at area borders
- Authentication: Use MD5 authentication
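What the `message-digest` setting from the OSPF Authentication section puts on the wire, as an added example that is not part of the original chapter: it builds and verifies an OSPFv2 packet with the keyed-MD5 trailer described in RFC 2328 Appendix D. The function names, the Hello body and the sequence number are constructed for illustration; the key is the one from the authentication lab example.

```python
import hashlib
import hmac
import socket
import struct

HDR = "!BBH4s4sHHHBBI"   # OSPFv2 header, with the 64-bit auth field laid out for AuType 2
AUTYPE_CRYPTO, DIGEST_LEN = 2, 16

def pad_key(secret: str) -> bytes:
    """The secret fills a 16-byte field: longer is truncated, shorter is zero-padded."""
    return secret.encode()[:16].ljust(16, b"\x00")

def build_packet(ptype, router_id, area_id, body, secret, key_id, seq):
    length = struct.calcsize(HDR) + len(body)     # the digest is not counted in the length
    header = struct.pack(HDR, 2, ptype, length, socket.inet_aton(router_id),
                         socket.inet_aton(area_id), 0, AUTYPE_CRYPTO,
                         0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(secret)).digest()

def verify_packet(raw, keys, last_seq=0):
    """keys maps key ID -> secret. Returns (accepted, reason)."""
    hdr_len = struct.calcsize(HDR)
    if len(raw) < hdr_len + DIGEST_LEN:
        return False, "truncated packet"
    (_, _, length, _, _, _, autype, _, key_id, auth_len, seq) = struct.unpack(HDR, raw[:hdr_len])
    if autype != AUTYPE_CRYPTO:
        return False, "authentication type mismatch"
    if key_id not in keys:
        return False, "unknown key ID"
    if auth_len != DIGEST_LEN or len(raw) != length + DIGEST_LEN:
        return False, "bad length"
    if seq < last_seq:                            # replay protection: never go backwards
        return False, "stale sequence number"
    expected = hashlib.md5(raw[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, raw[length:]):
        return False, "digest mismatch"
    return True, "ok"

# Constructed Hello body: mask, hello 10s, options, priority 1, dead 40s, DR, BDR.
HELLO_BODY = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 0x02, 1, 40,
                         socket.inet_aton("0.0.0.0"), socket.inet_aton("0.0.0.0"))
PACKET = build_packet(1, "1.1.1.1", "0.0.0.0", HELLO_BODY, "MySecretKey", key_id=1, seq=1000)
```

A neighbor configured with a different secret or a different key ID rejects `PACKET`, which is the authentication mismatch case from the troubleshooting section. The digest is MD5 over the packet with the secret appended, not an HMAC; RFC 5709 defines HMAC-SHA authentication for OSPFv2 for platforms that support it.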
Configuration Best Practices
- Router ID: Use loopback interfaces for stability
- Reference Bandwidth: Adjust for high-speed links
- Timers: Tune for convergence requirements
- Passive Interfaces: Secure unnecessary OSPF interfaces
- Area Types: Use stub areas where appropriate
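A small audit of the passive-interface and authentication practices listed above, run over a router configuration. This is an added example, not part of the original chapter. The sample configuration is constructed (modelled on R1 from the single-area lab), and treating a description containing "LAN" as host-facing is an assumption of this example.

```python
import ipaddress
import re

def parse(config):
    """Group sub-commands under each 'interface' / 'router ospf' header."""
    sections, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith(("interface ", "router ospf ")):
            current = sections.setdefault(line, [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return sections

def wildcard_match(addr, base, wildcard):
    """IOS 'network' semantics: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0

def audit(config):
    """Return [(interface, finding)] for interfaces that can form adjacencies unsafely."""
    sections = parse(config)
    ospf = next((c for h, c in sections.items() if h.startswith("router ospf ")), [])
    nets = [m.groups() for m in
            (re.match(r"network (\S+) (\S+) area (\S+)", c) for c in ospf) if m]
    findings = []
    for header, cmds in sections.items():
        name = header.split()[1]
        addr = next((c.split()[2] for c in cmds if c.startswith("ip address ")), None)
        area = next((a for b, w, a in nets if addr and wildcard_match(addr, b, w)), None)
        passive = (f"no passive-interface {name}" not in ospf
                   if "passive-interface default" in ospf else f"passive-interface {name}" in ospf)
        if (not header.startswith("interface ") or area is None
                or passive or name.startswith("Loopback")):
            continue                      # cannot form an adjacency on this interface
        md5 = (f"area {area} authentication message-digest" in ospf
               or "ip ospf authentication message-digest" in cmds)
        if not (md5 and any(c.startswith("ip ospf message-digest-key ") for c in cmds)):
            findings.append((name, "adjacency not protected by MD5 authentication"))
        if any(c.startswith("description ") and "LAN" in c for c in cmds):
            findings.append((name, "LAN interface is not passive"))
    return findings

# Constructed sample; EXAMPLE-KEY is a placeholder.
SAMPLE = """interface GigabitEthernet0/0/0
 ip address 10.1.12.1 255.255.255.252
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
interface GigabitEthernet0/0/2
 description LAN
 ip address 192.168.1.1 255.255.255.0
!
router ospf 1
 area 0 authentication message-digest
 network 10.1.12.0 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.255 area 0
"""
HARDENED = SAMPLE.replace("router ospf 1\n", "router ospf 1\n passive-interface default\n"
                          " no passive-interface GigabitEthernet0/0/0\n")
```

`audit(SAMPLE)` reports both findings on GigabitEthernet0/0/2, and `audit(HARDENED)` returns an empty list once `passive-interface default` is in place.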
# Best practice configuration template
router ospf 1
router-id 1.1.1.1
auto-cost reference-bandwidth 10000
passive-interface default
no passive-interface GigabitEthernet0/0/0
area 0 authentication message-digest
area 1 stub
area 1 range 192.168.0.0 255.255.252.0
timers throttle spf 5 50 5000
Summary
OSPF is a robust and scalable routing protocol essential for enterprise networks. Understanding its operation, configuration, and troubleshooting is crucial for network engineers. Proper OSPF design with appropriate area structure, authentication, and optimization ensures reliable and efficient routing.
Key concepts covered:
- OSPF fundamentals and operation
- Single-area and multi-area configuration
- Neighbor relationships and DR election
- Authentication and security
- Route types and LSAs
- Troubleshooting methodologies
- Performance optimization techniques
In the next chapter, we’ll explore EIGRP, Cisco’s proprietary routing protocol with unique features and capabilities.
Review Questions
- What are the advantages of OSPF over distance vector protocols?
- How does the DR/BDR election process work?
- What are the benefits of implementing multi-area OSPF?
- How do you troubleshoot OSPF neighbor adjacency issues?
- What are the different OSPF area types and their use cases?
Hands-on Exercises
Exercise 1: Single-Area OSPF
- Deploy the single-area OSPF lab
- Configure OSPF on all routers
- Verify neighbor relationships and routing tables
- Test connectivity and path selection
Exercise 2: Multi-Area OSPF
- Implement the multi-area OSPF topology
- Configure ABRs with route summarization
- Verify inter-area routing
- Test area isolation and summarization
Exercise 3: OSPF Authentication
- Configure MD5 authentication on OSPF areas
- Test authentication failures and recovery
- Implement different authentication keys
- Verify security improvements
Exercise 4: OSPF Troubleshooting
- Create various OSPF problems (neighbor issues, LSA problems)
- Practice diagnostic commands and procedures
- Develop systematic troubleshooting approaches
- Document solutions and prevention strategies